Sensitive Information Disclosure in Telegram for macOS
CVE-2021-27205

5.5MEDIUM

Key Information:

Vendor

Telegram

Status
Telegram
Vendor
CVE Published:
12 February 2021

What is CVE-2021-27205?

The Telegram application for macOS prior to version 7.4 (212543) has a significant vulnerability where it stores local copies of self-destructing messages in a sandbox path. This behavior can lead to unintended access to these sensitive messages, compromising user privacy and potentially exposing confidential information.

References

https://www.inputzero.io/2020/12/telegram-privacy-fails-a...
x_refsource_MISC
https://www.youtube.com/watch?v=Go-4srm_1fQ
x_refsource_MISC

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.